URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Submission: On February 02 via api from IN — Scanned from DE

Summary

This website contacted 11 IPs in 3 countries across 11 domains to perform 36 HTTP transactions. The main IP is 185.199.111.153, located in United States and belongs to FASTLY, US. The main domain is powershellmagazine.com.
TLS certificate: Issued by R3 on December 24th 2022. Valid for: 3 months.
This is the only time powershellmagazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
18 | giscus.app | giscus.app — Cisco Umbrella Rank: 210595 | 103 KB
5 | powershellmagazine.com | powershellmagazine.com | 602 KB
3 | gstatic.com | fonts.gstatic.com | 51 KB
2 | disqus.com | powershellmagazine.disqus.com | 2 KB
2 | google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 21 | 20 KB
1 | githubassets.com | github.githubassets.com — Cisco Umbrella Rank: 8980 | 18 KB
1 | goatcounter.com | powershellmag.goatcounter.com | 809 B
1 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 34 | 1 KB
1 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 198 | 355 KB
1 | jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 359 | 5 KB
1 | zgo.at | gc.zgo.at — Cisco Umbrella Rank: 230333 | 3 KB
Total: 36 requests, 11 domains
Requests | Domain | Requested by
18 | giscus.app | powershellmagazine.com, giscus.app
5 | powershellmagazine.com | powershellmagazine.com
3 | fonts.gstatic.com | fonts.googleapis.com
2 | powershellmagazine.disqus.com | powershellmagazine.com, powershellmagazine.disqus.com
2 | www.google-analytics.com | powershellmagazine.com, www.google-analytics.com
1 | github.githubassets.com | giscus.app
1 | powershellmag.goatcounter.com | powershellmagazine.com
1 | fonts.googleapis.com | cdn.jsdelivr.net
1 | cdnjs.cloudflare.com | powershellmagazine.com
1 | cdn.jsdelivr.net | powershellmagazine.com
1 | gc.zgo.at | powershellmagazine.com
Total: 36 requests, 11 domains

This site contains links to these domains.

Domain
www.blackhat.com
defcon.org
www.microsoft.com
www.facebook.com
twitter.com
github.com
www.youtube.com
Subject | Issuer | Validity | Valid
powershellmagazine.com | R3 | 2022-12-24 - 2023-03-24 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
giscus.app | R3 | 2023-01-15 - 2023-04-15 | 3 months
gc.zgo.at | R3 | 2023-01-13 - 2023-04-13 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-23 - 2024-01-24 | a year
*.disqus.com | Sectigo RSA Domain Validation Secure Server CA | 2022-04-20 - 2023-04-20 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year
upload.video.google.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
*.goatcounter.com | R3 | 2023-01-29 - 2023-04-29 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
*.githubassets.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-10-05 - 2023-10-05 | a year

This page contains 2 frames:

Primary Page: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Frame ID: 912208A64631AFCD3CE512EF1C8481BA
Requests: 18 HTTP requests in this frame

Frame: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Frame ID: 2C1D69A113F61448C5741991C51B3A0A
Requests: 18 HTTP requests in this frame

Page Title

Investigating PowerShell Attacks

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 36
HTTPS: 100 %
IPv6: 64 %
Domains: 11
Subdomains: 11
IPs: 11
Countries: 3
Transfer: 1162 kB
Size: 2543 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

36 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
424 KB
105 KB
Document
General
Full URL
https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-111-153.github.com
Software
GitHub.com /
Resource Hash
f5ad96ac2ba2b94eb0b812a28dd7af84cc6b3ec3acf7c400e20084a27489174a
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
cache-control
max-age=600
content-encoding
gzip
content-length
107483
content-type
text/html; charset=utf-8
date
Thu, 02 Feb 2023 13:43:56 GMT
etag
W/"63c6bde5-69f4d"
expires
Thu, 02 Feb 2023 13:53:56 GMT
last-modified
Tue, 17 Jan 2023 15:25:25 GMT
server
GitHub.com
strict-transport-security
max-age=31556952
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-fastly-request-id
aaff8459779ee2a4f21db18b59da922e8f784fac
x-github-request-id
55D6:7A79:D5F204:1249EBB:63DBBE1C
x-proxy-cache
MISS
x-served-by
cache-hhn-etou8220095-HHN
x-timer
S1675345436.235447,VS0,VE191
syntax.css
powershellmagazine.com/css/
10 KB
2 KB
Stylesheet
General
Full URL
https://powershellmagazine.com/css/syntax.css
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-111-153.github.com
Software
GitHub.com /
Resource Hash
34d729229eee218af73ecf2cd2ca6de72afad08003d1016f65001cf831d22c72
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-fastly-request-id
752311dce37262c5cad3e2380bb7ae67d51991b8
strict-transport-security
max-age=31556952
content-encoding
gzip
via
1.1 varnish
date
Thu, 02 Feb 2023 13:43:56 GMT
age
303
x-cache
HIT
x-cache-hits
1
x-proxy-cache
MISS
content-length
1417
x-served-by
cache-hhn-etou8220095-HHN
last-modified
Tue, 17 Jan 2023 15:25:10 GMT
server
GitHub.com
x-github-request-id
0DA8:1146:698D56:877C27:63DBA40B
x-timer
S1675345436.454008,VS0,VE2
etag
W/"63c6bdd6-2764"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
expires
Thu, 02 Feb 2023 12:02:43 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 02 Feb 2023 13:12:10 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
1906
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Thu, 02 Feb 2023 15:12:10 GMT
logo.png
powershellmagazine.com/images/
8 KB
8 KB
Image
General
Full URL
https://powershellmagazine.com/images/logo.png
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-111-153.github.com
Software
GitHub.com /
Resource Hash
912867e20ea9b209848c43aa7b6cef1509264483534d41f83b60b98c4b37707a
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-fastly-request-id
cc6872c3b60191ef93120b0633340f5277b546a8
strict-transport-security
max-age=31556952
date
Thu, 02 Feb 2023 13:43:56 GMT
via
1.1 varnish
x-cache-hits
1
age
303
x-cache
HIT
x-proxy-cache
MISS
content-length
8460
x-served-by
cache-hhn-etou8220095-HHN
last-modified
Tue, 17 Jan 2023 15:25:10 GMT
server
GitHub.com
x-github-request-id
A176:12A2:C6580F:FF9677:63DB5A65
x-timer
S1675345436.493932,VS0,VE2
etag
"63c6bdd6-210c"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
expires
Thu, 02 Feb 2023 06:48:29 GMT
matt-hastings.jpg
powershellmagazine.com/images/author/
25 KB
25 KB
Image
General
Full URL
https://powershellmagazine.com/images/author/matt-hastings.jpg
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-111-153.github.com
Software
GitHub.com /
Resource Hash
ff747ba94bf09920cf0e00acfc2fffff04f373d13584fd4fee52457ad65bc5a7
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-fastly-request-id
1f4007c263840244f79c8d3d74c6f9f38fb7fbb3
strict-transport-security
max-age=31556952
date
Thu, 02 Feb 2023 13:43:56 GMT
via
1.1 varnish
x-cache-hits
0
age
0
x-cache
MISS
x-proxy-cache
MISS
content-length
25489
x-served-by
cache-hhn-etou8220095-HHN
last-modified
Tue, 17 Jan 2023 15:25:10 GMT
server
GitHub.com
x-github-request-id
325E:0364:CCF93B:11BA5C3:63DBBE1C
x-timer
S1675345436.494089,VS0,VE99
etag
"63c6bdd6-6391"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
expires
Thu, 02 Feb 2023 13:53:56 GMT
client.js
giscus.app/
3 KB
2 KB
Script
General
Full URL
https://giscus.app/client.js
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
1e2498eb3a1fa31e489ecc85b1159ff806e78ea83ec54337f5ce4f5cc3116c30
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://powershellmagazine.com/
Origin
https://powershellmagazine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
br
x-content-type-options
nosniff
date
Thu, 02 Feb 2023 13:43:56 GMT
strict-transport-security
max-age=63072000
age
352221
x-dns-prefetch-control
on
content-disposition
inline; filename="client.js"
x-xss-protection
1; mode=block
referrer-policy
strict-origin
server
Vercel
x-vercel-id
fra1:fra1::m59kt-1675345436545-ae97adb291f7
x-matched-path
/client.js
etag
W/"e190960f461f7eb550aba7d933b2356e"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, stale-while-revalidate=604800
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()
count.js
gc.zgo.at/
9 KB
3 KB
Script
General
Full URL
https://gc.zgo.at/count.js
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
6bcae1eaede6699e89898eb0eb3b0b970f4e5107f6b453d45f7b75fc157e44a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-nf-request-id
01GR95X7XBQAG18GGZ0XGHKJCP
date
Wed, 01 Feb 2023 21:05:49 GMT
content-encoding
br
strict-transport-security
max-age=31536000
server
Netlify
age
59887
etag
"8894f05d0e67bafaf25279dbff8bfd41-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public,max-age=7776000
accept-ranges
bytes
content-length
3023
webfontloader.js
cdn.jsdelivr.net/gh/theprojectsomething/webfontloader@feature/google-fonts-v2/
12 KB
5 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/theprojectsomething/webfontloader@feature/google-fonts-v2/webfontloader.js
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cd5158a29f458f82d6d01aa20ea24adae231490f6bd746fed7eafd4ee3f0d04e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 02 Feb 2023 13:43:56 GMT
x-content-type-options
nosniff
content-encoding
gzip
age
40974
x-jsd-version
feature
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
5102
x-served-by
cache-fra-eddf8230113-FRA
x-jsd-version-type
branch
etag
W/"31f9-gZkPe5HoO43rvzplEky79msDwAY"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
count.js
powershellmagazine.disqus.com/
1 KB
2 KB
Script
General
Full URL
https://powershellmagazine.disqus.com/count.js
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Thu, 02 Feb 2023 13:43:56 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=300; includeSubdomains
X-Amz-Cf-Pop
DFW3-C1
Age
126
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
871
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 24 Jan 2023 18:53:30 GMT
Server
nginx
ETag
"63d0292a-367"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=300
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id
kNmEBgorZUrvQaKpHEXfAn6MVyBHYG02cx6LwmPjUbM60McZQwucMA==
all.min.js
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/js/
1 MB
355 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/js/all.min.js
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e45a1d7590bda6cb0af56a347e979215b8854ac49d54b7091ef1e64d1aa578a6
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://powershellmagazine.com/
Origin
https://powershellmagazine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
115719
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
362531
last-modified
Wed, 13 Jan 2021 22:29:05 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5fff7431-12393b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tq7jTy618qylf1l0245MBaJFlA5Ue%2B4FZS7Byq%2Bn5gYSy47WJeE4Xgzc%2B8beOctX7HXgvsDFw4ejZ9nyFHf1F%2BRgNfQ8k3fHfHIpYNIYBzCVipjFeV62MuP3%2BIbmC4Z%2BUP5wmjM5R8rRlgQvTGktUXmO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
79335bd2488f3656-FRA
expires
Tue, 23 Jan 2024 13:43:56 GMT
footer-bg.svg
powershellmagazine.com/2014/07/16/images/backgrounds/
461 KB
461 KB
Image
General
Full URL
https://powershellmagazine.com/2014/07/16/images/backgrounds/footer-bg.svg
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-111-153.github.com
Software
GitHub.com /
Resource Hash
54d720b35e4615f5cf3123cfc8309c5bf72473cb2325f53c4b5d9bdf7af1df10
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-fastly-request-id
e515cbbb4d510ccbe4247e459328b01ed30ca072
strict-transport-security
max-age=31556952
content-encoding
gzip
via
1.1 varnish
date
Thu, 02 Feb 2023 13:43:56 GMT
age
0
x-cache
MISS
x-cache-hits
0
content-length
139377
x-served-by
cache-hhn-etou8220095-HHN
server
GitHub.com
x-github-request-id
E01A:4C5C:D68507:12534F8:63DBBE1C
x-timer
S1675345436.499007,VS0,VE106
etag
W/"63c6bdfa-7346a"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
css2
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,400;0,600;0,700;0,800;1,800&display=swap
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/theprojectsomething/webfontloader@feature/google-fonts-v2/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
346b80a02bd15dd1af830984a5f413f7467847b40ca759d5dbf86a2d57c2ea75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 02 Feb 2023 13:43:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 02 Feb 2023 13:43:56 GMT
widget
giscus.app/en/ Frame 2C1D
7 KB
3 KB
Document
General
Full URL
https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel / Next.js
Resource Hash
d5207b9da25852a62823935e029009c043c8eb0acee56439fc2381867bf740a9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://powershellmagazine.com;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://powershellmagazine.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
cache-control
private, no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
frame-ancestors 'self' https://powershellmagazine.com;
content-type
text/html; charset=utf-8
date
Thu, 02 Feb 2023 13:43:56 GMT
etag
W/"141tfa3e2825m2"
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()
referrer-policy
strict-origin
server
Vercel
strict-transport-security
max-age=63072000
x-content-type-options
nosniff
x-dns-prefetch-control
on
x-matched-path
/en/widget
x-powered-by
Next.js
x-vercel-cache
MISS
x-vercel-id
fra1::iad1::4ch7l-1675345436589-03167a601d21
x-xss-protection
1; mode=block
count-data.js
powershellmagazine.disqus.com/
289 B
870 B
Script
General
Full URL
https://powershellmagazine.disqus.com/count-data.js?2=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Requested by
Host: powershellmagazine.disqus.com
URL: https://powershellmagazine.disqus.com/count.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
be41e7ecc3a74775359a9f34285872ef4bb5a63d4d119a97995205104dcfb5be
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Thu, 02 Feb 2023 13:43:56 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
289
X-XSS-Protection
1; mode=block
collect
www.google-analytics.com/j/
2 B
212 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1453731123&t=pageview&_s=1&dl=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&ul=en-us&de=UTF-8&dt=Investigating%20PowerShell%20Attacks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=988471968&gjid=250933445&cid=2108397245.1675345437&tid=UA-3619442-3&_gid=850548015.1675345437&_r=1&_slc=1&z=1269789522
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://powershellmagazine.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 02 Feb 2023 13:43:56 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://powershellmagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
count
powershellmag.goatcounter.com/
43 B
809 B
Image
General
Full URL
https://powershellmag.goatcounter.com/count?p=%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&t=Investigating%20PowerShell%20Attacks&s=1600%2C1200%2C1&b=0&rnd=cwhpg
Requested by
Host: powershellmagazine.com
URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a01:7e01::f03c:92ff:fe8f:edc6 Frankfurt am Main, Germany, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
Software
/
Resource Hash
42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; font-src 'self' https://gc.zgo.at static.zgo.at; manifest-src 'self' https://gc.zgo.at static.zgo.at; style-src 'self' https://gc.zgo.at static.zgo.at 'unsafe-inline'; form-action 'self'; connect-src 'self' wss:; frame-src 'self'; default-src 'none'; img-src 'self' https://gc.zgo.at static.zgo.at 'unsafe-inline'; script-src 'self' https://gc.zgo.at static.zgo.at
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options deny

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'none'; font-src 'self' https://gc.zgo.at static.zgo.at; manifest-src 'self' https://gc.zgo.at static.zgo.at; style-src 'self' https://gc.zgo.at static.zgo.at 'unsafe-inline'; form-action 'self'; connect-src 'self' wss:; frame-src 'self'; default-src 'none'; img-src 'self' https://gc.zgo.at static.zgo.at 'unsafe-inline'; script-src 'self' https://gc.zgo.at static.zgo.at
strict-transport-security
max-age=7776000
x-content-type-options
nosniff
x-rate-limit-limit
4
content-encoding
gzip
x-rate-limit-remaining
4
date
Thu, 02 Feb 2023 13:43:56 GMT
age
0
via
1.1 varnish (Varnish/7.1)
content-length
56
x-frame-options
deny
vary
Accept-Encoding
content-type
image/gif
access-control-allow-origin
*
x-varnish
96862224
cache-control
no-store,no-cache
x-rate-limit-reset
1
accept-ranges
bytes
pe03MImSLYBIv1o4X1M8cc8aBc5tU1E.woff2
fonts.gstatic.com/s/nunitosans/v12/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8aBc5tU1E.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,400;0,600;0,700;0,800;1,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fce8ebc3557b63496f8fafe1c182f2aa8669550f9398b4d9beebddd43306ed3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://powershellmagazine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Sat, 28 Jan 2023 20:11:25 GMT
x-content-type-options
nosniff
age
408751
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17324
x-xss-protection
0
last-modified
Mon, 09 May 2022 18:31:14 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Jan 2024 20:11:25 GMT
pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
fonts.gstatic.com/s/nunitosans/v12/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,400;0,600;0,700;0,800;1,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://powershellmagazine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Sat, 28 Jan 2023 07:38:22 GMT
x-content-type-options
nosniff
age
453934
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16980
x-xss-protection
0
last-modified
Mon, 09 May 2022 18:33:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Jan 2024 07:38:22 GMT
pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
fonts.gstatic.com/s/nunitosans/v12/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,400;0,600;0,700;0,800;1,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://powershellmagazine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Sun, 29 Jan 2023 17:07:07 GMT
x-content-type-options
nosniff
age
333409
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17156
x-xss-protection
0
last-modified
Mon, 09 May 2022 18:33:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 29 Jan 2024 17:07:07 GMT
light.css
giscus.app/themes/ Frame 2C1D
4 KB
1 KB
Stylesheet
General
Full URL
https://giscus.app/themes/light.css
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
9155b6369592914e212076aef4247a7f17cde99acbeba93b22fdad4908d1305d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://giscus.app/
Origin
https://giscus.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
br
x-content-type-options
nosniff
date
Thu, 02 Feb 2023 13:43:56 GMT
strict-transport-security
max-age=63072000
age
403102
x-dns-prefetch-control
on
content-disposition
inline; filename="light.css"
x-xss-protection
1; mode=block
referrer-policy
strict-origin
server
Vercel
x-vercel-id
fra1:fra1::2hxcb-1675345436973-81607e7e962e
x-matched-path
/themes/light.css
etag
W/"a684eaeea2b0250471765da00d398d52"
x-vercel-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, stale-while-revalidate=604800
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()
eff1ba2c54f8fead.css
giscus.app/_next/static/css/ Frame 2C1D
35 KB
9 KB
Stylesheet
General
Full URL
https://giscus.app/_next/static/css/eff1ba2c54f8fead.css
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
8a4ca0d1bf5acfa32ad6655e4ba7b7bbd7463274b84159c6e4aa2b8cbede8713
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::fb9cr-1675345436973-044b5061c6ee
age
394448
x-matched-path
/_next/static/css/eff1ba2c54f8fead.css
etag
W/"f83a99a5ecded32b3c78f49e848f7c93"
x-vercel-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="eff1ba2c54f8fead.css"
webpack-e347db1799f97f36.js
giscus.app/_next/static/chunks/ Frame 2C1D
5 KB
3 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/webpack-e347db1799f97f36.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
1a5b3cbbfa1e0832416198a57abedeaf20d0b7a7e104820caefb5057cab17ffe
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::jz9bb-1675345436981-be15012d57df
age
393133
x-matched-path
/_next/static/chunks/webpack-e347db1799f97f36.js
etag
W/"ed092241e5b2e39aa42e0fbb8d1778c9"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="webpack-e347db1799f97f36.js"
framework-23bee438748717e6.js
giscus.app/_next/static/chunks/ Frame 2C1D
24 KB
9 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/framework-23bee438748717e6.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
6bd950c1902e1f2150524c8730d363c52b3fa68f91656b4a7b802f15f3cf9eb8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::fb9cr-1675345436976-13f8192efaa1
age
391097
x-matched-path
/_next/static/chunks/framework-23bee438748717e6.js
etag
W/"f2373a8e098669640b64586561718bdd"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="framework-23bee438748717e6.js"
main-59db0f43786f3c48.js
giscus.app/_next/static/chunks/ Frame 2C1D
106 KB
33 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/main-59db0f43786f3c48.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
404e5254ffc1ebd7b398d188fdf49c04aa01e98077ac8944de5eb73ae7cce0f5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::4ch7l-1675345436976-2bd8f9871e67
age
396075
x-matched-path
/_next/static/chunks/main-59db0f43786f3c48.js
etag
W/"585c734fd2d4c75bfe16268b276cdf33"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="main-59db0f43786f3c48.js"
_app-ceb9ca87e9aa017c.js
giscus.app/_next/static/chunks/pages/ Frame 2C1D
34 KB
11 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/pages/_app-ceb9ca87e9aa017c.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
fce7c2517d7b494721aa9556b0908342e570a17de491305f46f9007c88349080
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::f2sd4-1675345436976-313c107ef618
age
25717
x-matched-path
/_next/static/chunks/pages/_app-ceb9ca87e9aa017c.js
etag
W/"9c5c8ee38fa0e90c1cefffb20fac0460"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="_app-ceb9ca87e9aa017c.js"
0e226fb0-b55bb71ec498fa7a.js
giscus.app/_next/static/chunks/ Frame 2C1D
10 KB
4 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/0e226fb0-b55bb71ec498fa7a.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
79ace1fe882f936723e613ae5cc1ae4c78b46cd280d4262ee7ddb2484be35f74
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::fb9cr-1675345436976-c35f8a1ae0ac
age
391737
x-matched-path
/_next/static/chunks/0e226fb0-b55bb71ec498fa7a.js
etag
W/"fecb7a013f40ab00d9d2b47303134e45"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="0e226fb0-b55bb71ec498fa7a.js"
8335-8143afbef6b5eba8.js
giscus.app/_next/static/chunks/ Frame 2C1D
15 KB
6 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/8335-8143afbef6b5eba8.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
4cd5db59c5cceb7e3465606d877028c86aee0a67ce5ff5a672b7b4160534d54b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::sr7jb-1675345436976-2f6705ed752d
age
4571
x-matched-path
/_next/static/chunks/8335-8143afbef6b5eba8.js
etag
W/"f50d0ad2c385adaf6462764bdcd9b7fd"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="8335-8143afbef6b5eba8.js"
1251-eb43e9deab192890.js
giscus.app/_next/static/chunks/ Frame 2C1D
17 KB
6 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/1251-eb43e9deab192890.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
2e5bab450034472cbb155dd8ea716b89ade7cafc88ee76b6acd010d05da3571a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::2ctcs-1675345436977-89537fb9b36b
age
400603
x-matched-path
/_next/static/chunks/1251-eb43e9deab192890.js
etag
W/"2122fb097cc282afb55614d5e669ae25"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="1251-eb43e9deab192890.js"
widget-6f26ac253f31437c.js
giscus.app/_next/static/chunks/pages/ Frame 2C1D
23 KB
7 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/pages/widget-6f26ac253f31437c.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
5860b392c703859da24a7fb14fa8fe10dbe829839417a214298fd5517224690d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::2gp7m-1675345436976-a27e51202ecd
age
395290
x-matched-path
/_next/static/chunks/pages/widget-6f26ac253f31437c.js
etag
W/"fc4b839cff8d932bc3d13cfa74615da3"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="widget-6f26ac253f31437c.js"
_buildManifest.js
giscus.app/_next/static/c_5v97wPglgc9vgODoL72/ Frame 2C1D
510 B
691 B
Script
General
Full URL
https://giscus.app/_next/static/c_5v97wPglgc9vgODoL72/_buildManifest.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
5264f64cdd428110425319287958dac385edf69c4d5fb5f6c1b53293aaf8d01f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::sr7jb-1675345436980-b6740710cc9f
age
377349
x-matched-path
/_next/static/c_5v97wPglgc9vgODoL72/_buildManifest.js
etag
"66e62b5fedf667f893f5c53585b9fcf3"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="_buildManifest.js"
accept-ranges
bytes
content-length
510
_ssgManifest.js
giscus.app/_next/static/c_5v97wPglgc9vgODoL72/ Frame 2C1D
88 B
287 B
Script
General
Full URL
https://giscus.app/_next/static/c_5v97wPglgc9vgODoL72/_ssgManifest.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
a66383b381b46cccc8f600e19dedea91beedf07e06bb49f011fa7f7073ead591
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:56 GMT
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::2ctcs-1675345436979-6d15be0871b3
age
402812
x-matched-path
/_next/static/c_5v97wPglgc9vgODoL72/_ssgManifest.js
etag
"bee22ea531beed3eeff60fb48f41c658"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="_ssgManifest.js"
accept-ranges
bytes
content-length
88
mona-loading-default.gif
github.githubassets.com/images/ Frame 2C1D
18 KB
18 KB
Image
General
Full URL
https://github.githubassets.com/images/mona-loading-default.gif
Requested by
Host: giscus.app
URL: https://giscus.app/themes/light.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
39fa568a092fdebfdbd1f074bf936bbe0dc6e7b7b470b267ec459622552a24a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-fastly-request-id
0db75186ff06fadc8fd818a142e75f15a8bdd7ad
date
Thu, 02 Feb 2023 13:43:57 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=31536000
age
5576
x-cache
HIT, HIT
content-length
18278
x-served-by
cache-iad-kiad7000067-IAD, cache-fra-eddf8230037-FRA
last-modified
Thu, 23 Sep 2021 16:38:06 GMT
server
AmazonS3
etag
"c502cd01c910b4f53d86603d6bd078ff"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
image/gif
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-origin
*
accept-ranges
bytes
x-cache-hits
112, 8
discussions
giscus.app/api/ Frame 2C1D
32 B
112 B
Fetch
General
Full URL
https://giscus.app/api/discussions?repo=PowerShell-Magazine%2Fsite&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&category=Announcements&number=0&strict=true&last=15
Requested by
Host: giscus.app
URL: https://giscus.app/_next/static/chunks/pages/widget-6f26ac253f31437c.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
5bbe611e6b3fd3b25d7dc9b7bf4ac81468da805191033f8e0147c39dd8318b2e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Thu, 02 Feb 2023 13:43:57 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
age
0
x-dns-prefetch-control
on
content-length
32
x-xss-protection
1; mode=block
referrer-policy
strict-origin
server
Vercel
x-vercel-id
fra1::iad1::2ctcs-1675345437043-7e78340721d8
x-matched-path
/api/discussions
etag
"hac8x51afpw"
x-vercel-cache
MISS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://giscus.app
cache-control
public, max-age=0, must-revalidate
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()
discussions
giscus.app/api/ Frame 2C1D
32 B
212 B
Fetch
General
Full URL
https://giscus.app/api/discussions?repo=PowerShell-Magazine%2Fsite&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&category=Announcements&number=0&strict=true&first=15
Requested by
Host: giscus.app
URL: https://giscus.app/_next/static/chunks/pages/widget-6f26ac253f31437c.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
5bbe611e6b3fd3b25d7dc9b7bf4ac81468da805191033f8e0147c39dd8318b2e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Thu, 02 Feb 2023 13:43:57 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
age
0
x-dns-prefetch-control
on
content-length
32
x-xss-protection
1; mode=block
referrer-policy
strict-origin
server
Vercel
x-vercel-id
fra1::iad1::f2sd4-1675345437043-9f4f3be783e6
x-matched-path
/api/discussions
etag
"hac8x51afpw"
x-vercel-cache
MISS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://giscus.app
cache-control
public, max-age=0, must-revalidate
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()
74.dba2773f28b2d6c8.js
giscus.app/_next/static/chunks/ Frame 2C1D
13 KB
6 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/74.dba2773f28b2d6c8.js
Requested by
Host: giscus.app
URL: https://giscus.app/_next/static/chunks/webpack-e347db1799f97f36.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
9e29a20a352977b73bfa59e7eb4e14f2d8d17e1df953e001c59653c704026130
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 02 Feb 2023 13:43:57 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1:fra1::f2sd4-1675345437141-a3c8455dfcad
age
399121
x-matched-path
/_next/static/chunks/74.dba2773f28b2d6c8.js
etag
W/"2c41d3add801332ba9ab6f81bdfad0f5"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="74.dba2773f28b2d6c8.js"
light.css
giscus.app/themes/ Frame 2C1D
4 KB
2 KB
Stylesheet
General
Full URL
https://giscus.app/themes/light.css
Requested by
Host: giscus.app
URL: https://giscus.app/_next/static/chunks/pages/_app-ceb9ca87e9aa017c.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
9155b6369592914e212076aef4247a7f17cde99acbeba93b22fdad4908d1305d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://giscus.app/
Origin
https://giscus.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
br
x-content-type-options
nosniff
date
Thu, 02 Feb 2023 13:43:57 GMT
strict-transport-security
max-age=63072000
age
398658
x-dns-prefetch-control
on
content-disposition
inline; filename="light.css"
x-xss-protection
1; mode=block
referrer-policy
strict-origin
server
Vercel
x-vercel-id
fra1:fra1::fb9cr-1675345437141-b7a8cb8cd3bc
x-matched-path
/themes/light.css
etag
W/"a684eaeea2b0250471765da00d398d52"
x-vercel-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, stale-while-revalidate=604800
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange boolean| doNotTrack function| ga object| WebFont object| fuseOptions string| searchQuery function| executeSearch function| populateResults function| param function| render function| preloader function| $ function| jQuery object| bootstrap function| Instafeed function| Fuse function| Mark number| summaryInclude object| DISQUSWIDGETS undefined| disqus_domain undefined| disqus_shortname object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| goatcounter

3 Cookies

Domain/Path Name Value
.powershellmagazine.com/ _ga GA1.2.2108397245.1675345437
.powershellmagazine.com/ _gid GA1.2.850548015.1675345437
.powershellmagazine.com/ _gat 1

4 Console Messages

Source Level URL
Text
network error URL: https://powershellmagazine.com/2014/07/16/images/backgrounds/footer-bg.svg
Message:
Failed to load resource: the server responded with a status of 404 ()
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network error URL: https://giscus.app/api/discussions?repo=PowerShell-Magazine%2Fsite&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&category=Announcements&number=0&strict=true&first=15
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://giscus.app/api/discussions?repo=PowerShell-Magazine%2Fsite&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&category=Announcements&number=0&strict=true&last=15
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31556952

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
